Blog posts

One way to effectively build and maintain organizational resilience on an enterprise level is creating a cyber security program that repels and recovers from cyber attacks, following the Four Rs of Resilience: Robustness, Redundancy, Resourcefulness, and Rapidity. For our purposes with regard to WannaCry, let’s focus on just two factors: Robustness and Redundancy.

As business enters the digital age, cyber resilience must become a regular agenda item for boards and excos. Nobody can identify and prepare for all the risks that threaten ICT systems, so it is essential that security and risk mitigation measures are part of a wider programme to ensure that the organisation can detect a cyber attack, respond appropriately and recover operational functionality.

“Maybe you are busy looking for a way to recover your files but do not waste your time. Nobody can recover your files without our decryption service”. This is what users infected by the WannaCry virus read on their screens having accidentally let the malware in.

NHS services across England have been hit by an IT failure caused by a significant cyber attack, with Trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire all affected. Some GP surgeries have shut down their phone and IT systems while Accident and Emergency Departments have told people not to attend unless it is a real emergency.

Sonny Sehgal and Adam Blake, from Crises Control partners Transputec and ThreatSpike, will be talking about the social engineering threat in their webinar on cyber security and the insider threat during Business Continuity Awareness Week 2017 on Tuesday 16th May.

Password leaks from public breaches help us learn how people think, allow us to identify patterns and build dictionaries of passwords. As password cracking methods evolve, Upper characters, Lower characters, Special characters and Digits (ULSD) recommendations and password complexity mean less.

We have recently seen two significant cyber attacks on big businesses hitting the news, and these are just the ones we know about. The ability for hackers to gain access to systems through technical means is not to be underestimated, and specialists work tirelessly to build and maintain secure systems that are now integral to our business and personal lives.

Preparing for the 'unexpected' is not a new idea. Over the last 50 years, the business continuity industry has grown out of the need to protect businesses from the unexpected and expected interruption. However, when we stop and think about the threats BC professionals must mitigate in today’s BC plans versus 20, 10 or even 5 years ago, all agree there is a new threat landscape.

It is hard to get away from the presence and scale of the cyber security threat. The media is full of stories of companies who have been hit by a data breach. UK government figures from the Information Security Breaches Survey 2015 indicate that the average cost of the most severe online security breaches ranges from £1.5 to £3.1 million for big business and from £75,000 to £311,000 for SMEs.

Sometimes when I visit banks I find myself looking at scribbled Post-it notes containing user name and password attached to PCs. I may also see a neatly typed record of the key code necessary to access a secure gate or door within easy sight of any external visitor.

Organisations are increasingly focused on understanding the impacts a cyber attack could have on their operations and reputation. Many are now using cyber scenarios in their crisis exercises to test and validate their assumptions on how they would respond and reflect on the unique challenges a cyber attack could bring.

The 30th March was both World Back-up Day and the third day of the (suspected) largest-yet hospital ransomware attack in the United States. At the time of this writing, ten hospitals in and around Washington DC, serving hundreds of thousands of patients, are still struggling to recover after suffering an apparent ransomware attack on Monday.

According to media reports, Hollywood Presbyterian Medical Center in Los Angeles paid a $17,000 ransom to a hacker in order to unlock email and electronic health records that had been encrypted by malware. While the Hospital affirms that patient health was never in jeopardy, the staff’s ability to share the results of X-rays, CT scans, and other medical tests was impacted.